linotp.lib.audit.SQLAudit module

This is the Audit class, which writes audit entries to an SQL database.

It uses a public/private key pair for signing the log entries.

# create keypair:
# openssl genrsa -out private.pem 2048
# extract the public key:
# openssl rsa -in private.pem -pubout -out public.pem
class linotp.lib.audit.SQLAudit.Audit(config)[source]

Bases: linotp.lib.audit.base.AuditBase

Audit Implementation to the generic audit interface

getTotal(param, AND=True, display_error=True)[source]

This method returns the total number of audit entries in the audit store

initialize_log(param)[source]

This method initializes the log state. The fact that the log state was initialized also needs to be logged. Therefore the same params are passed as in the log method.

log(param)[source]

This method is used to log the data. It splits information of multiple tokens (e.g. from import) into multiple audit log entries.

log_entry(param)[source]

This method is used to log the data. It should hash the data and do a hash chain and sign the data

row2dict(audit_line)[source]

Convert an SQL audit db row to an audit dict.

Parameters: audit_line – audit db row
Returns: audit entry dict
searchQuery(param, AND=True, display_error=True, rp_dict=None)[source]

This function is used to search audit events.

Parameters: param – search parameters can be passed
Returns: a result object which has to be converted with iter() to an iterator
set()[source]

This function could be used to set certain things like the signing key. But maybe it should only be read from linotp.ini?

class linotp.lib.audit.SQLAudit.AuditTable(serial=u'', action=u'', success=u'False', tokentype=u'', user=u'', realm=u'', administrator=u'', action_detail=u'', info=u'', linotp_server=u'', client=u'', log_level=u'INFO', clearance_level=0, config_param=None)[source]

Bases: object

action
action_detail
administrator
clearance_level
client
id
info
linotp_server
log_level
realm
serial
signature
success
timestamp
tokentype
user
linotp.lib.audit.SQLAudit.add_column(engine, table, column)[source]

small helper to add a column by calling a native ‘ALTER TABLE’ to replace the need for sqlalchemy-migrate

from: http://stackoverflow.com/questions/7300948/add-column-to-sqlalchemy-table

Parameters:
  • engine – the running sqlalchemy engine
  • table – in which table should this column be added
  • column – the sqlalchemy definition of a column
Returns: boolean of success or not

linotp.lib.audit.SQLAudit.and_(*clauses)

Produce a conjunction of expressions joined by AND.

E.g.:

from sqlalchemy import and_

stmt = select([users_table]).where(
                and_(
                    users_table.c.name == 'wendy',
                    users_table.c.enrolled == True
                )
            )

The and_() conjunction is also available using the Python & operator (though note that compound expressions need to be parenthesized in order to function with Python operator precedence behavior):

stmt = select([users_table]).where(
                (users_table.c.name == 'wendy') &
                (users_table.c.enrolled == True)
            )

The and_() operation is also implicit in some cases; the Select.where() method for example can be invoked multiple times against a statement, which will have the effect of each clause being combined using and_():

stmt = select([users_table]).\
            where(users_table.c.name == 'wendy').\
            where(users_table.c.enrolled == True)

See also

or_()

linotp.lib.audit.SQLAudit.asc(column)

Produce an ascending ORDER BY clause element.

e.g.:

from sqlalchemy import asc
stmt = select([users_table]).order_by(asc(users_table.c.name))

will produce SQL as:

SELECT id, name FROM user ORDER BY name ASC

The asc() function is a standalone version of the ColumnElement.asc() method available on all SQL expressions, e.g.:

stmt = select([users_table]).order_by(users_table.c.name.asc())

Parameters: column – A ColumnElement (e.g. scalar SQL expression) with which to apply the asc() operation.

See also

desc()

nullsfirst()

nullslast()

Select.order_by()

linotp.lib.audit.SQLAudit.desc(column)

Produce a descending ORDER BY clause element.

e.g.:

from sqlalchemy import desc

stmt = select([users_table]).order_by(desc(users_table.c.name))

will produce SQL as:

SELECT id, name FROM user ORDER BY name DESC

The desc() function is a standalone version of the ColumnElement.desc() method available on all SQL expressions, e.g.:

stmt = select([users_table]).order_by(users_table.c.name.desc())

Parameters: column – A ColumnElement (e.g. scalar SQL expression) with which to apply the desc() operation.

See also

asc()

nullsfirst()

nullslast()

Select.order_by()

linotp.lib.audit.SQLAudit.getAsString(data)[source]

We need to distinguish whether this is an entry from before or after the client entry was added. Otherwise the old signatures will break!
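An added example, not LinOTP's own code, of what log_entry() and getAsString() describe: each row is serialized to a canonical string, chained to the previous row's signature and signed, and rows written before the client column existed are serialized in their original form so that their old signatures still verify. HMAC-SHA256 with a constructed key stands in for the RSA signature; the field lists, the function names and the rule that client being None marks a pre-migration row are assumptions.

```python
import hashlib
import hmac

# Constructed demo key. HMAC-SHA256 stands in for the RSA signature because
# the standard library has no RSA; this is not LinOTP's signing code.
DEMO_KEY = b"constructed-demo-key"

# Hypothetical field orders: v1 rows predate the "client" column.
FIELDS_V1 = ("id", "timestamp", "action", "success", "serial", "user")
FIELDS_V2 = FIELDS_V1 + ("client",)


def canonical(entry):
    """Serialize a row exactly as it was serialized when it was signed."""
    # Assumption: rows written before the column existed read back as None.
    fields = FIELDS_V1 if entry.get("client") is None else FIELDS_V2
    # Length-prefix every value so field boundaries cannot be shifted.
    parts = ["%s=%d:%s" % (f, len(str(entry[f])), entry[f]) for f in fields]
    return "|".join(parts).encode("utf-8")


def sign(entry, prev_sig=""):
    """Sign the canonical row, chained to the previous row's signature."""
    msg = prev_sig.encode("ascii") + b"\n" + canonical(entry)
    return hmac.new(DEMO_KEY, msg, hashlib.sha256).hexdigest()


def verify_log(rows):
    """Return the ids of rows whose signature or chain link does not verify."""
    bad, prev_sig = [], ""
    for row in rows:
        if not hmac.compare_digest(sign(row, prev_sig), row["signature"]):
            bad.append(row["id"])
        prev_sig = row["signature"]  # chain on the stored value
    return bad


def build_demo_log():
    """Constructed sample rows; id 1 was written before 'client' existed."""
    base = {"timestamp": "2015-01-01T10:00:00", "action": "validate/check",
            "success": "True", "serial": "OATH0001", "user": "alice"}
    rows, prev_sig = [], ""
    for row_id, client in ((1, None), (2, "192.0.2.10"), (3, "192.0.2.11")):
        row = dict(base, id=row_id, client=client)
        row["signature"] = prev_sig = sign(row, prev_sig)
        rows.append(row)
    return rows
```

verify_log(build_demo_log()) returns an empty list; editing a field of row 2 flags id 2, removing row 2 flags id 3, and backfilling client with an empty string on row 1 flags id 1, which is the broken-old-signature case getAsString() guards against.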

linotp.lib.audit.SQLAudit.now()[source]
linotp.lib.audit.SQLAudit.or_(*clauses)

Produce a conjunction of expressions joined by OR.

E.g.:

from sqlalchemy import or_

stmt = select([users_table]).where(
                or_(
                    users_table.c.name == 'wendy',
                    users_table.c.name == 'jack'
                )
            )

The or_() conjunction is also available using the Python | operator (though note that compound expressions need to be parenthesized in order to function with Python operator precedence behavior):

stmt = select([users_table]).where(
                (users_table.c.name == 'wendy') |
                (users_table.c.name == 'jack')
            )

See also

and_()